USB armory mkII just received

[sergio...@gmail.com]

Just wanted to report that I have just received the device and have succeeded making into work using the eMMC without a microSD.

Since the documentation doesn't offer concrete instructions for this, here are the steps I followed:

0. Preparation

I prepared my Debian 10 installation as per the "Pre-requisites" section of: https://github.com/f-secure-foundry/usbarmory-debian-base_image

1. Compile u-boot:

Version 2019.07 is the one that accept the patches for the board. This is based on the steps used by the Debian base image:

wget ftp://ftp.denx.de/pub/u-boot/u-boot-2019.07.tar.bz2 -O u-boot-2019.07.tar.bz2

wget ftp://ftp.denx.de/pub/u-boot/u-boot-2019.07.tar.bz2.sig -O u-boot-2019.07.tar.bz2.sig

gpg --verify u-boot-2019.07.tar.bz2.sig

tar xf u-boot-2019.07.tar.bz2

cd u-boot-2019.07

make distclean

wget https://raw.githubusercontent.com/f-secure-foundry/usbarmory/master/software/u-boot/0001-ARM-mx6-add-support-for-USB-armory-Mk-II-board.patch

wget https://raw.githubusercontent.com/f-secure-foundry/usbarmory/master/software/u-boot/0001-Drop-linker-generated-array-creation-when-CONFIG_CMD.patch

patch -p1 < 0001-ARM-mx6-add-support-for-USB-armory-Mk-II-board.patch

patch -p1 < 0001-Drop-linker-generated-array-creation-when-CONFIG_CMD.patch

make usbarmory-mark-two_defconfig

sed -i -e 's/CONFIG_SYS_BOOT_DEV_MICROSD=y/# CONFIG_SYS_BOOT_DEV_MICROSD is not set/' .config

sed -i -e 's/# CONFIG_SYS_BOOT_DEV_EMMC is not set/CONFIG_SYS_BOOT_DEV_EMMC=y/' .config

Optional step if you don't have access to serial console:

sed -i -e 's/CONFIG_SYS_BOOT_MODE_NORMAL=y/# CONFIG_SYS_BOOT_MODE_NORMAL is not set/' .config

sed -i -e 's/# CONFIG_SYS_BOOT_MODE_UMS is not set/CONFIG_SYS_BOOT_MODE_UMS=y/' .config

Finally build:

CROSS_COMPILE=arm-linux-gnueabihf- ARCH=arm make

You're interested in a file called u-boot-dtb.imx. Save it somewhere for future use.

2. Compile imx_usb

(this requires libusb and pkg-config)

git clone https://github.com/boundarydevices/imx_usb_loader

cd imx_usb_loader

make

3. Build your own build of the Debian base image as per the instruction in https://github.com/f-secure-foundry/usbarmory-debian-base_image

Make sure you build for the eMMC device: make all V=mark-two IMX=imx6ull BOOT=eMMC

4. Follow the install section of the Debian base image. Here is where the u-boot-dtb.imx file we built before comes into play.

If you decided to use the serial console, connecting the debug accessory board gives you 4 serial ports. Use the third one with 115200 bauds.

Make sure the orientation is correct as indicated in: https://github.com/f-secure-foundry/usbarmory/tree/master/hardware/mark-two-debug-accessory

"NOTE: the connection between the debug accessory and the target is supported only with the same orientation for both top layers (side with components for the accessory, side with LEDs for the USB armory)."

Use the ".raw" file you just build in the previous step for the "dd" command". For example, in my case it was "usbarmory-mark-two-debian_stretch-base_image-20200222.raw". It seems that the releases in the repo are for microSD since I couldn't get them to boot from eMMC, but maybe I did something wrong so don't take my word for granted.

After these steps are followed, everything works beautifully :)

Hope this helps and makes you save a bit of time and research. Let me know if there are any question.

Regards,

Sergio Aguayo

[syd2...@gmail.com]

What's the performance of the Armory like? Such as when booting, or opening up a number of apps and web pages. Is it noticably slow in any way? Do you think there is enough CPU power & RAM?

thanks

[sergio...@gmail.com]

Definitively boots way faster than the first USB armory. But remember this isn't a performance-oriented device, but rather a security-oriented one. For that usage it seems more than adequate. But that would depend on your usage and expectations, so YMMV.

[syd2...@gmail.com]

did you get the USB adapter with MKI? If so, does it work the same way with MKII? Wonder why that's not being sold now, it seems like a useful addon.

[Sergio Aguayo]

Yes, I bought the mkI with the so-called host adapter, though I ended up never using it. Neither the serial console, which is exposed through some vias that need soldering.

However, the debug board is a completely different beast. Besides providing the serial console, it also allows accessing some GPIO pins and, if I understand the schematics correctly, even a second UART and multiple I2C interfaces. This is possible because the FTDI chip used, FT4232H, has a total of 4 channels (3 of which are being used). It has many other interesting functions (UART, USART, bit-banging, etc), but you'll have to look at its datasheet for details.

The debug board connects to the USB Armory via a USB Type C port. It can either sink or source power. However, the FTDI chip is connected to a microUSB port, which sinks power. You can power the Armory from this board (i.e. Computer->Debug Board->USB Armory) without connecting the Armory directly to your PC (i.e. don't connect its plug).

Hope this helps.

Regards,

Sergio Aguayo

[Andrea Barisani]

Instructions on how to create an eMMC image are posted here:

https://github.com/f-secure-foundry/usbarmory-debian-base_image

Cheers

[Sergio Aguayo]

Yes, I refer to that for most of the procedure. I wrote this post because I had the following problems:

1. I was supposed to use imx_usb to load u-boot, but there was no binary to be found and no procedure for building it in the wiki (the one I show is taken from the Makefile of the debian base image).

2. The patch referenced from the wiki ( https://github.com/f-secure-foundry/usbarmory/tree/master/software/u-boot/0001-USB-armory-mark-two-alpha-UMS.patch ) didn't apply cleanly either with or without the other patches applied, so I had to figure our which was the key part, starting with the other patches applied. As it turns out, this was a mistake on my part because I was using 2019.07 instead of 2019.04 as instructed (though the Debian base image does use 2019.07). Perhaps this could be updated to just include the commands for changing CONFIG_SYS_BOOT_DEV_EMMC.

3. The binaries available for download didn't work with eMMC, so I had to build them as per the instructions.

Now that I read my first post, I think I exaggerated when I wrote "doesn't offer concrete instructions". In reality, it does offer concrete instructions, but leaves some blanks that require time figuring out, which was my point in writing this.

On the other hand, I have followed the instructions for Secure Boot and they are superb :)

Regards,

Sergio Aguayo

[Andrea Barisani]

Thanks for your feedback, we will improve documentation accordingly.

Cheers

[Raviv Dotan]

Hey,

This is not available ?

wget https://raw.githubusercontent.com/f-secure-foundry/usbarmory/master/software/u-boot/0001-Drop-linker-generated-array-creation-when-CONFIG_CMD.patch

ב-יום שני, 24 בפברואר 2020 בשעה 19:23:21 UTC+2, Andrea Barisani כתב/ה:

[lcar...@gmail.com]

This patch is no longer required.

The U-Boot UMS patch has been replaced in favor of our armory-ums project.

Cheers

On 23 Oct 2020, at 23:31, Raviv Dotan <raviv...@gmail.com> wrote:

Hey,

--
You received this message because you are subscribed to the Google Groups "USB armory" group.
To unsubscribe from this group and stop receiving emails from it, send an email to usbarmory+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/2e6b53f1-9f5a-49e4-b34d-f85b770ec171n%40googlegroups.com.

[Raviv]

so what should be the steps for compile uboot and flash it to the EMMC via SDP ?

ב-יום שבת, 24 באוקטובר 2020 בשעה 1:29:01 UTC+3, Andrea Barisani כתב/ה:

[Andrej Rosano]

Hi,

U-Boot can be compiled by 'make IMX=imx6ulz u-boot' from [1]. You
will find the u-boot-dtb.imx file in u-boot-2020.10 directory.

You can flash it on eMMC using armory-ums tool.

Cheers
Andrej

[1] https://github.com/f-secure-foundry/usbarmory-debian-base_image.git

> > <https://groups.google.com/d/msgid/usbarmory/2e6b53f1-9f5a-49e4-b34d-f85b770ec171n%40googlegroups.com?utm_medium=email&utm_source=footer>
> > .

> >
> >
>
> --
> You received this message because you are subscribed to the Google Groups "USB armory" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to usbarmory+...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/255ae26a-059d-4bbd-bd74-e79e618b377en%40googlegroups.com.


--
Andrej Rosano
Hardware Security | Inverse Path | F-Secure
www.inversepath.com | foundry.f-secure.com
5BB8 574E 68E8 D841 E18F D5E9 CEAD E0CF 0193 9B21

[Raviv]

where is the u-boot project source code ?

ב-יום שני, 26 באוקטובר 2020 בשעה 9:25:32 UTC+2, Andrej Rosano כתב/ה:

[Andrej Rosano]

The last version of usbarmory-debian-base_image is using U-Boot v2020.10
patched with [1]. You can find everything in the Makefile.

Cheers
Andrej

[1] https://github.com/f-secure-foundry/usbarmory/blob/master/software/u-boot/0001-ARM-mx6-add-support-for-USB-armory-Mk-II-board.patch

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/5ced8a50-4ff3-47f1-b5ef-782ca1fd7426n%40googlegroups.com.

[Raviv]

Thank you 

So on this https://github.com/f-secure-foundry/usbarmory-debian-base_image

just build the docker and run: make all V=mark-two make IMX=imx6ulz u-boot BOOT=eMMC ?

I don't need to flash SPL boot file ?

** I don't need SDCARD to flash it right ?

ב-יום שני, 26 באוקטובר 2020 בשעה 17:59:24 UTC+2, Andrej Rosano כתב/ה:

[Andrej Rosano]

You don't need the SPL file. You can flash the image directly
on eMMC by using armory-ums [1].

Cheers
Andrej

[1] https://github.com/f-secure-foundry/armory-ums

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/1fc486b0-2e19-444e-9af3-074950ac18b1n%40googlegroups.com.

[Raviv Dotan]

I want to flash only the u-boot for now ...

how to do it ?

I don't have any SDCARD.

Thank you

Thx

Raviv

[Andrej Rosano]

As you want to load U-Boot only I assume you have the debug accessory, is that
correct?

Then, you can load u-boot-dtb.imx with imx_usb_loader. At U-Boot console you can
expose the eMMC to the host via 'ums 0 mmc 1' command. Then you dd
u-boot-dtb.imx on the exposed disk ('dd if=u-boot-dtb.imx of=/dev/XYZ bs=1k seek=1').
Be careful to not overwrite your system disk.

Cheers
Andrej

[1] https://github.com/boundarydevices/imx_usb_loader.git

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/CAFufeAuaf%2BFKXwyjtwVhPRQ1xH5o28fvq7WKxjvE9K9AVKR6GQ%40mail.gmail.com.

[Raviv Dotan]

Sorry I didnt understand the steps:

1. I'm in SDP mode ...

usb 1-2: new high-speed USB device number 19 using ehci-pci
usb 1-2: New USB device found, idVendor=15a2, idProduct=0080
usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-2: Product: SE Blank 6ULL
usb 1-2: Manufacturer: Freescale SemiConductor Inc
hid-generic 0003:15A2:0080.0009: hiddev0,hidraw1: USB HID v1.10 Device [Freescale SemiConductor Inc  SE Blank 6ULL] on usb-0000:02:03.0-2/input0

2. I compiled the u-boot-dtb.imx file.

3. When I run imx_usb u-boot-dtb.imx

config file <.//imx_usb.conf>
vid=0x066f pid=0x3780 file_name=mx23_usb_work.conf
vid=0x15a2 pid=0x004f file_name=mx28_usb_work.conf
vid=0x15a2 pid=0x0052 file_name=mx50_usb_work.conf
vid=0x15a2 pid=0x0054 file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x0061 file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x0063 file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x0071 file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x007d file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x0080 file_name=mx6ull_usb_work.conf
vid=0x1fc9 pid=0x0128 file_name=mx6_usb_work.conf
vid=0x15a2 pid=0x0076 file_name=mx7_usb_work.conf
vid=0x1fc9 pid=0x0126 file_name=mx7ulp_usb_work.conf
vid=0x15a2 pid=0x0041 file_name=mx51_usb_work.conf
vid=0x15a2 pid=0x004e file_name=mx53_usb_work.conf
vid=0x15a2 pid=0x006a file_name=vybrid_usb_work.conf
vid=0x066f pid=0x37ff file_name=linux_gadget.conf
vid=0x1b67 pid=0x4fff file_name=mx6_usb_sdp_spl.conf
vid=0x0525 pid=0xb4a4 file_name=mx6_usb_sdp_spl.conf
vid=0x1fc9 pid=0x012b file_name=mx8mq_usb_work.conf
vid=0x1fc9 pid=0x0134 file_name=mx8mm_usb_work.conf
vid=0x1fc9 pid=0x013e file_name=mx8mn_usb_work.conf
vid=0x3016 pid=0x1001 file_name=mx8m_usb_sdp_spl.conf
config file <.//mx6ull_usb_work.conf>
parse .//mx6ull_usb_work.conf
Trying to open device vid=0x15a2 pid=0x0080
Interface 0 claimed
do_command err=-7, last_trans=0
do_command err=-7, last_trans=0
do_command err=-7, last_trans=0
do_command err=-7, last_trans=0
do_command err=-7, last_trans=0
status failed

What is the problem?

Thx

Raviv

[Andrej Rosano]

Ensure to run imx_usb with sudo.
Also, consider the note about MacOS in imx_usb README.md:

```
If imx_usb fails to claim interface, com.apple.driver.usb.IOUSBHostHIDDevice
needs to be unloaded so libusb can claim, run:
sudo kextunload -b com.apple.driver.usb.IOUSBHostHIDDevice
```

Cheers
Andrej

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/CAFufeAtJMxC1XjpaU-UJHQ8SGvDw_HX1U%3DQAwjnYS-UzqLSBDw%40mail.gmail.com.

[Raviv Dotan]

I did it from ubuntu with sudo ....

see the last output I sent you

config file <.//mx6ull_usb_work.conf>
parse .//mx6ull_usb_work.conf
Trying to open device vid=0x15a2 pid=0x0080
Interface 0 claimed

HAB security state: development mode (0x56787856)
== work item
filename u-boot-dtb.imx
load_size 0 bytes
load_addr 0x00000000
dcd 1
clear_dcd 0
plug 1
jump_mode 3
jump_addr 0x00000000
== end work item
loading DCD table @0x910000

<<<480, 480 bytes>>>
succeeded (security 0x56787856, status 0x128a8a12)
clear dcd_ptr=0x877ff42c

loading binary file(u-boot-dtb.imx) to 877ff400, skip=0, fsize=67c00 type=aa

<<<424960, 424960 bytes>>>
succeeded (security 0x56787856, status 0x88888888)
jumping to 0x877ff400
failed (security 0x56787856, status 0x33220a00)

Thx

Raviv

You received this message because you are subscribed to a topic in the Google Groups "USB armory" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/usbarmory/i-XM9IniM6g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to usbarmory+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/20201027105938.GD104386%40stjenka.

[Raviv]

Thank you I succeeded to flash the u-boot into mmc with ums.

The problem when I tried to flash it again it not flash and boot the same image that I already flash before.

any idea?

ב-יום שלישי, 27 באוקטובר 2020 בשעה 11:48:25 UTC+2, Andrej Rosano כתב/ה:

[Andrej Rosano]

Not sure what happened in the flash procedure you described, but I'm glad you
solved the issue.

Cheers
Andrej

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/f082640c-f13c-4e68-b028-ad4a6d68e416n%40googlegroups.com.

[Raviv]

Thanks as I said, I still cant flash the u-boot again with new firmware...

when I used ('dd if=u-boot-dtb.imx of=/dev/XYZ bs=1k seek=1') I got the same firmware and not the new one....

what do you think? 

ב-יום רביעי, 28 באוקטובר 2020 בשעה 15:37:22 UTC+2, Andrej Rosano כתב/ה:

[Andrej Rosano]

Double check the device file you are giving to dd.
Also note that the environment, in case you changed it, does not
get overwitten as it is located further in eMMC.

Can you show the exact commands you are using?

> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/ae1e8dd3-8552-4d34-9d4b-7d5a729db59fn%40googlegroups.com.

[Raviv]

thanks for your answer.

1. imx_usb u-boot-dts.imx

2. ums 0 mmc 1

3. dd if=u-boot-dtb.imx of=/dev/sdb bs=1k seek=1 

I'm sure it mount of /dev/sdb

what do you think?

ב-יום רביעי, 28 באוקטובר 2020 בשעה 15:49:50 UTC+2, Andrej Rosano כתב/ה: